Home of the Squeezebox™ & Transporter® network music players.
  1. #1
    Junior Member
    Join Date
    May 2018
    Posts
    9

    Advanced networking question about LMS on linux

    Hello everyone, and thanks for all of the work you have done there for so many years.

    I'm having issues with the network part of the Squeezebox ecosystem. I have a hard time finding information, so fixing mistakes takes a while.

    Right now, I'm having a hard time getting both network redirection of HTTP and working clients.
    From what I have understood, the ports used are 9000 for the web page, 9090 for the CLI, and 3483 for slimproto (I have no idea what this is exactly, but I can guess).
    If I leave 9000 open and just proxy with Apache from tcp/80 to localhost:9000, it works well and my clients can connect. But I can't leave it that way, and I need to "force" port 9000 onto a dedicated interface.
    For that, here is my configuration:

    /etc/default/logitechmediaserver
    Code:
    # User to run Logitech Media Server as
    SLIMUSER=squeezeboxserver
    
    SLIMOPTIONS="--httpaddr 127.0.0.1 --httpport 8999 --cliaddr 192.168.1.XX --playeraddr 192.168.1.XX --streamaddr 192.168.1.XX"
    /etc/apache2/sites-available/lms.conf
    Code:
    listen 9000
    
    <VirtualHost 172.16.0.100:80 172.16.0.100:9000>
        ServerName lms.mydomain.com
        ProxyPreserveHost ON
        ProxyRequests OFF
        ProxyPass / hxxp://127.0.0.1:8999/
        ProxyPassReverse / hxxp://127.0.0.1:8999/
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
    </VirtualHost>
    I replaced http with hxxp because it's my first post and I wasn't allowed to post links.
    Iptables-save
    Code:
    # Generated by iptables-save v1.6.0 on Sat May  5 19:57:29 2018
    *filter
    :INPUT ACCEPT [18780:16002220]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [18542:17423192]
    :f2b-sshd - [0:0]
    -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
    -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 9000 -j ACCEPT
    -A f2b-sshd -j RETURN
    COMMIT
    # Completed on Sat May  5 19:57:29 2018
    # Generated by iptables-save v1.6.0 on Sat May  5 19:57:29 2018
    *nat
    :PREROUTING ACCEPT [149:21437]
    :INPUT ACCEPT [910:60493]
    :OUTPUT ACCEPT [436:29441]
    :POSTROUTING ACCEPT [187:11212]
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.0.100
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.100
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.0.101
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.101
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.16.0.100
    -A POSTROUTING -o eth0 -j MASQUERADE
    -A POSTROUTING -o eth1 -j MASQUERADE
    COMMIT
    # Completed on Sat May  5 19:57:29 2018
    As you can see, I need to NAT ports from my interface to a local IP, and then I serve the web page on both tcp/80 and tcp/9000.
    This is a requirement of my infrastructure.

    Sadly, when I leave it like that, I do get the web page on both ports, but none of my clients can find the server (I specified the IP). If I remove
    Code:
    --httpaddr 127.0.0.1
    from the LMS startup arguments, then the clients can find the server.

    Can anyone help me understand where I messed up? I thought it should work since I found this tutorial (first post, can't use links: awesomeco.de/blog/serving-logitech-media-server-slimserver-squeezeboxserver-over-https), which also forces all traffic from tcp/9000 through Apache.

    Thanks everyone for your time!

    EDIT: Sorry, I forgot an important piece of information: my audio clients work well; what doesn't work are controller clients, like the phone app, jivelite, squeezeplay... They can't find the LMS server, whereas the audio players don't have an issue.
    Last edited by vlycop; 2018-05-09 at 13:21. Reason: Changed real domain to lms.mydomain.com for safety reason

  2. #2
    Senior Member
    Join Date
    Feb 2009
    Location
    Washington, DC
    Posts
    179
    Not seeing anything on changing the software clients configuration to let them know the server has a non-default port or to use the proxy, unless the only path between clients and LMS is through the proxy. Not sure what phone app you are using, if it’s iPeng, go to Settings and scroll down to Additional Servers and add New Server.

    I’m not familiar with configuration options on the other software clients you’re using.
    "You know, I'm all for progress. It's change I object to."
    Mark Twain

    LMS 7.9 on Raspberry Pi3 w/200GB SD
    5 Receivers, 1 Boom, 2 Radios, 1 Controller, 1 iPhone & 1 iPad w/iPeng, 1 Android phone w/Squeezer

  3. #3
    Junior Member
    Join Date
    May 2018
    Posts
    9
    Quote Originally Posted by JeffHart View Post
    Not seeing anything on changing the software clients configuration to let them know the server has a non-default port or to use the proxy, unless the only path between clients and LMS is through the proxy. Not sure what phone app you are using, if it’s iPeng, go to Settings and scroll down to Additional Servers and add New Server.

    I’m not familiar with configuration options on the other software clients you’re using.
    I'm not trying to edit the client. The client works well usually; I'm trying to figure out what LMS is doing on port 9000 that won't go through the Apache reverse proxy or iptables NATing. I did change the actual port for LMS, but only to have it proxied to 9000, so nothing should change.

    Thanks for replying. Maybe I should have asked under the Linux topic, and not the LMS one.

  4. #4
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,986

    Advanced networking question about LMS on linux

    > I'm not trying to edit the client. The client works well usually; I'm
    > trying to figure out what LMS is doing on port 9000 that won't go
    > through the Apache reverse proxy or iptables NATing. I did change the actual
    > port for LMS, but only to have it proxied to 9000, so nothing should
    > change.


    I think you haven't explained what you're trying to do in the bigger
    picture. But it sounds as if you wanted to make your LMS accessible from
    outside your network. If that's the case, then get VPN or ssh tunneling
    up. Don't expose LMS.

    https://forums.slimdevices.com/showt...o-the-internet!

    If that's not what you're trying to do, then you might want to give us
    the bigger picture.

    Proxying won't work with players, as LMS tells the player what port to
    connect on based on its configuration. If it's listening on port 9000,
    then it'll tell the player to use that port. And that obviously does
    fail, as you don't expose port 9000.

    --

    Michael

  5. #5
    Junior Member
    Join Date
    May 2018
    Posts
    9
    Quote Originally Posted by mherger View Post
    > I'm not trying to edit the client. The client works well usually, I'm

    LMS tells the player what port to
    connect on based on its configuration. If it's listening on port 9000,
    then it'll tell the player to use that port.

    Michael
    That might be the issue.

    My goal isn't to forward LMS through the internet; I'm trying to get a local reverse proxy on Apache, but I can't let LMS listen on all interfaces. If I do, because of the way my network is, packets end up leaving on a different network to get to the same client.

    What I thought is that I could force LMS to listen only on local, change the local port to leave 9000 free for Apache, and proxy all the traffic through Apache, but if what you say is true, then the tutorial I followed shouldn't work... I'm kinda lost ^^

  6. #6
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,986

    Advanced networking question about LMS on linux

    > My goal isn't to forward LMS through the internet; I'm trying to get a
    > local reverse proxy on Apache, but I can't let LMS listen on all
    > interfaces. If I do, because of the way my network is, packets end up
    > leaving on a different network to get to the same client.


    Just as a proof of concept?...

    > followed shouldn't work... I'm kinda lost ^^


    Lost at what? I mean, what's the reason you want to go through all these
    loops and hoops?

    --

    Michael

  7. #7
    Junior Member
    Join Date
    May 2018
    Posts
    9
    Quote Originally Posted by mherger View Post
    what's the reason you want to go through all these loops and hoops?
    I'm so sorry to make you lose time; I think I'm not clear enough. This isn't just a test or anything.

    What I need is to be able to access the web interface at lms.mydomain.com:80 inside my local network. To do that, I made a simple reverse proxy on Apache; it was simple and worked, and I could still access LMS by its ip:9000.
    My LMS server has 2 interfaces, one on the local network and one on an admin network (dedicated to ssh, monitoring and stuff). Because both of them have a default gateway, and my wifi is on a third subnet, LMS didn't have any clear rule on which gateway to point to, and my clients on wifi were getting data from the 2 networks (it didn't work that way).
    In order to fix that I have to force LMS to use a dedicated NIC. I did this with
    Code:
    --httpaddr
    Sadly, if I give it the local IP of the local network, I can no longer proxy lms.mydomain.com:80 to the LMS client because it won't listen on localhost anymore. So I wanted to make LMS listen on localhost, and have Apache in front. Because I wanted to keep the default port on my clients, and 2 programs can't listen on the same port, I changed the LMS port to 8999 and asked Apache to listen on :9000.

    With this proxy in place, I could access LMS by lms.mydomain.com:80, lms.mydomain.com:9000 and ip:9000. All of them show the website. But, and this is what I don't understand, clients can no longer connect to the library.

    Was that clearer? Can I help you understand it better in any way?
    Once again, thanks a lot for taking time for me.

  8. #8
    Senior Member
    Join Date
    Sep 2005
    Posts
    2,441
    Quote Originally Posted by vlycop View Post
    /etc/default/logitechmediaserver
    Code:
    # User to run Logitech Media Server as
    SLIMUSER=squeezeboxserver
    
    SLIMOPTIONS="--httpaddr 127.0.0.1 --httpport 8999 --cliaddr 192.168.1.XX --playeraddr 192.168.1.XX --streamaddr 192.168.1.XX"
    /etc/apache2/sites-available/lms.conf
    Code:
    listen 9000
    
    <VirtualHost 172.16.0.100:80  172.16.0.100:9000>
        ServerName lms.xxxxxx.com
    .
    Sorry, I didn't understand this....

    Why are you using 3 different networks?
    127.0.0.0/8
    172.16.0.0/?
    192.168.1.0/24

    And a "fake" .com address, not something like .local?
    Where is your DNS?
    Last edited by mherger; 2018-05-10 at 22:08.

  9. #9
    Junior Member
    Join Date
    May 2018
    Posts
    9
    After some more digging around, I found out that the Apache proxy wasn't the issue, but NATing was.

    Quote Originally Posted by DJanGo View Post
    Sorry, I didn't understand this....

    Why are you using 3 different networks?
    127.0.0.0/8
    172.16.0.0/?
    192.168.1.0/24

    And a "fake" .com address, not something like .local?
    Where is your DNS?
    I actually have 4 "networks":
    127.0.0.0/8 is localhost; you know that one, I'm not going to explain it. I use it to allow Apache to talk to LMS.
    192.168.1.0/24 is my user network, for everything like web apps, services, NAS, and in this case it's the network on which I need LMS to talk.
    192.168.20.0/24 is my admin network, for ssh, monitoring, backup...; LMS shouldn't see any of it, but if I don't contain it, I've seen it reply on this network sometimes.
    172.16.0.0/24 is a local (to the server) subnet that allows me to put a fixed IP into Apache, while keeping the ability to have my local and admin network IPs change (this is a requirement of my infrastructure).
    This is managed by the iptables rules:
    Code:
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.0.100
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.100
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.0.101
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.101
    172.16.0.100 being the user network, and 172.16.0.101 being the admin network.

    Because I have added port 9000 to Apache, I have also added this to iptables:
    Code:
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.16.0.100
    And to finish, I do have a real domain, with working DNS and reverse DNS, and (even if in this case it is irrelevant) it is registered online too.


    As I was saying, I found out that the error was actually caused by the NATing, and not by Apache.
    I tried disabling Apache and editing /etc/default/logitechmediaserver:
    Code:
    SLIMOPTIONS="--httpaddr 172.16.0.100 --httpport 9000 --cliaddr 192.168.1.XX --playeraddr 192.168.1.XX --streamaddr 192.168.1.XX"
    That way, the only thing that should be different from putting the actual user network IP in --httpaddr is that it is NATed by iptables.

    With this config I have the same error: audio clients can connect, and I can get the web app with the user network ip:9000, but anything that controls LMS (squeezeplay, jivelite, Android app...) can't connect.
    Without a deeper understanding of the network stack of those, I don't know what goes wrong.
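
An added example, not part of the thread or of LMS: a small parser for the kind of iptables-save output posted in #1 that reports, for each LMS port, whether traffic arriving on eth0 is DNATed to 172.16.0.100 or reaches the interface address unchanged, and which ACCEPT rules filter nothing because the chain policy is already ACCEPT. The function names and the trimmed rule dump are constructed for illustration; UDP 3483 (server discovery) is not mentioned in the thread and is included as an assumption about LMS.

```python
# Constructed sample: rules from the thread, counters zeroed, 443 rules omitted.
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 9000 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.100
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.101
-A PREROUTING -i eth0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.16.0.100
COMMIT
"""
# Ports named in the thread; UDP 3483 (discovery) is added here, not from the thread.
LMS_PORTS = {"web": ("tcp", 9000), "cli": ("tcp", 9090),
             "slimproto": ("tcp", 3483), "discovery": ("udp", 3483)}

def parse(dump):
    """Return (policies, rules); quoted arguments and '!' negation are not handled."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        if line.startswith("*"):            # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):          # chain default policy, e.g. :INPUT ACCEPT
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):        # appended rule: keep each flag with its value
            tok = line.split()
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i][0] == "-"}
            rules.append({"table": table, "chain": tok[1], **opts})
    return policies, rules

def dnat_target(rules, iface, proto, dport):
    """Destination of the first nat PREROUTING DNAT rule matching the packet, else None."""
    want = {"-i": iface, "-p": proto, "--dport": str(dport)}
    for r in rules:
        is_dnat = (r["table"], r["chain"], r.get("-j")) == ("nat", "PREROUTING", "DNAT")
        if is_dnat and all(r.get(k, v) == v for k, v in want.items()):
            return r["--to-destination"]
    return None

def redundant_accepts(policies, rules):
    """ACCEPT rules in chains whose default policy is already ACCEPT: they filter nothing."""
    return [r for r in rules if r.get("-j") == "ACCEPT"
            and policies.get((r["table"], r["chain"])) == "ACCEPT"]

def lms_paths(rules, iface="eth0"):
    """Map each LMS port to its DNAT destination on iface (None = delivered un-NATed)."""
    return {n: dnat_target(rules, iface, p, port) for n, (p, port) in LMS_PORTS.items()}
```

On the constructed dump, only the web port is rewritten to 172.16.0.100; the CLI, slimproto and discovery ports arrive at the interface's own address, and the port 9000 ACCEPT rule is redundant under the ACCEPT policy.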
